Switching It Up: The Keys to a Secure, Reliable Ethernet Connection
June 9, 2021
By Allied Electronics & Automation
Allied’s “Ask The Expert” series taps into the experience and expertise of key thought leaders and subject matter experts from the more than 500 global suppliers we work closely with to bring customers solutions for their most challenging problems (and the daily ones, too).
We spoke with David Garcia, product manager at Moxa, who generously offered his vast experience and insight to help us better understand the myriad of considerations needed to create a secure, future-proof Ethernet network, as well as a few product recommendations from Moxa’s expansive catalogue of switches.
What are some of the most common causes for Ethernet connectivity issues today? Which elements of a network are susceptible to the most risk?
Anything with an IP address on an open network can be susceptible to unauthorized access. So, to minimize this, any good network design will include using managed network switches with enhanced security features, as well as using a layered approach between each connection to mitigate the potential for a breach. This concept, known as defense-in-depth – which includes segmenting the network, creating secure tunnels for secure remote access by adding firewalls between each network segment – is a great way to filter out any unwanted traffic, create rules to tightly control communication, and essentially ensure that nothing outside the network is talking to the device that is not supposed to. Following defense-in-depth security measures is a great way to not only secure your network, but also enhance the performance, provide visibility and minimize downtime. Let’s be honest, the time for basic connectivity is long gone; it is no longer enough to simply plug your device into the network. Remote access, asset visibility, and access to data are driving the need for more security.
Then there’s the risk of the human element. As the network grows, you need a way of managing it. Let’s say you select the right switches with the right features, put the necessary firewalls between each segment, have a good VPN encryption for remote access, but what’s going to happen six months from now, or a year from now? How do you monitor if your policies are being followed, or that newly added devices are properly configured? Using tools like MxView, which is a piece of network monitoring software, is a great way to provide centralized network management. This tool is very valuable because you can monitor and manage your entire OT network — or even multiple sites — from one place.
If you have remote network sites, or if you have large facilities that have hundreds or thousands of nodes to manage, this tool will save you countless troubleshooting hours, reduce downtime, and alert you to security events. Its biggest benefit, however, is that it lets you spot issues before they become problems.
How do Ethernet connectivity needs vary across different sectors and what considerations need to be made when selecting appropriate network equipment?
There are quite a few considerations when selecting the right network switch. Reliability is an extremely important consideration for our customers who cannot rely on enterprise-level equipment to work in extreme environments day in and day out. Also, considerations are going to be drastically different between, say, a traffic light and a safety system in an oil and gas processing plant. If a switch goes out at a traffic light, you can dispatch a truck and drive to the location, but in a refinery or substation, a switch might be surrounded by flammable vapors and gasses. Depending on the situation, safety can be a real concern. In that case you are going to need equipment that can reliably operate at all times despite the environment. Certain equipment pieces will be certified for these kinds of environments, and if you have a standard you need to meet such as Class C1D2 for explosive environments, you’re going to have a requirement to show that the design complies with the standard.
The next thing to consider is future proofing your investment. You have to ask yourself questions like: Will this be good enough for a couple of years, or will you be needing to add more devices down the line? Do you foresee having to add a camera for security or process monitoring? Although this network is currently for an isolated remote system, will you one day need to connect to a SCADA system or control center that’s miles away? What about remote access to an isolated network — how secure is your access? I have never seen a network shrink; when the time comes to grow, you want to make sure the network has the ability, while being optimized and secure.
Finally, no one should select networking equipment without considering the level of support it has behind it. This is a huge thing! A lot of people that I talk to already have a switch that probably does what I’m able to provide from a feature set standpoint, but they may not have the proper support. There could be a lot of reasons for this — maybe they have to pay exorbitant contracts on a yearly basis, or maybe the people they talk to just don’t understand their unique situation — but regardless of the cause this can be incredibly frustrating. You should make sure you have good support that walks you through the situation at hand.
What are some of the most common switch types, and what characteristics separate them from one another?
The most basic switch is called an unmanaged switch, which is essentially “plug and play” for connecting devices in your panel to the network. The pros are cost and ease-of-use — they are great for basic device connectivity. The cons are a lack of visibility, so troubleshooting network issues is almost impossible and very time consuming. Also, there is no redundancy, so if you lose your connection there is no backup. This is not good, if you are trying to reduce downtime.
At the next level, we have managed switches which need to be configured, but they do so much more than any unmanaged switch. Managed switches offer visibility, performance enhancement, data management, and security. Unfortunately, the biggest obstacle to adoption of managed switches for OT engineers is lack of expertise. They struggle with questions like what features they need, what price points should they look at, or if this is overkill for their needs.
Beyond these options, there are also modular switches, which are like back planes that have network and power modules that can slide in and out of a system. These are great for applications where you need flexibility and want to connect a lot of PoE or fiber. There are also rack mount switches. To select the best switch for any application, you must be clear about what you are trying to do.
Allied’s ongoing partnership with Moxa includes the creation of more than 1,000 industrial communications products including Ethernet switches, protocol converters, and routers. What has Allied brought to the table in this partnership?
Allied helps us in a lot of ways, actually. When you are talking about reach and the customer base, Allied and its distribution network, from a vendor standpoint, provide exposure and help us find customers and markets who might benefit from the technologies we offer ranging from device connectivity solutions to computer management solutions. It’s a fantastic mutual relationship; Allied brings the experience that they have with their customers, and Moxa, through our information and support capabilities, brings the connectivity piece it needs to guide customers in their purchasing journey.
And what’s most exciting is that this partnership is still relatively young. We are both still growing and learning each other’s capabilities, but the potential of what we can accomplish together is incredible.
Some of the new products available through Allied include Moxa’s EDS-2000-EL Series of Ethernet switches. What makes this new line unique?
We’re really excited about these. One of my favorite offerings in this line is the EDS-2005-EL switch. It’s pocket size, no taller than a business card, which is perfect for somebody who has a very small panel like one you’d find at a kiosk in a terminal station. It’s going to increase your connectivity; it’s cost-effective; it has one of the smallest footprints of anything available in the market right now; and it even runs on very low power, which is perfect for locations that may run on solar or battery power. Plus, it’s super reliable and can handle harsh conditions no problem. If you are trying to save money, this option will be cheaper than most enterprise-level switches and still offer you all the connectivity you need for really small compact applications. And like all of Moxa’s products, it comes with our free five-year warranty that covers all RMA and replacement costs, as well as completely free technical support.
Are there any other new offerings Moxa is excited to introduce through Allied? What are some future developments in Moxa’s catalogue that we could look forward to?
There are! As an example, we have another new switch called the SDS-3008, which is an eight-port switch. It’s really slim, as well, but this switch is specifically tailored for industrial customers who don’t feel comfortable configuring a switch. It has a simple dashboard, so you don’t need to navigate any tabs. It also has industrial protocol support for Modbus, Ethernet/IP, and Profinet, which can be enabled with a single click. IGMP snooping, which is necessary for multicast traffic, is built into that profile. That feature alone will solve most of your problems with communication over an unmanaged switch, if you are using Allen Bradley equipment.
We also made a 16-port version, as well, which features gigabit uplinks. This means that it has more throughput for fatter pipes to send more data back to the controller. For anyone who’s scared of managed switches, this and the eight-port version are in my opinion exactly what they should look at if they want to dip their toe into them.
Moxa is also continually offering more free resources for our customers through our website, especially resources related to cybersecurity and network protection. We have webinars, videos, ebooks, infographics, white papers, and much more to ensure we keep customers as educated as possible in this rapidly evolving world. One resource I like to recommend is a detailed checklist designed to walk customers through an analysis of their defense-in-depth security measures. I highly recommend checking it out!